The annual Vermont Bar Association YLD Thaw Bowl was last Friday. Here’s a question that I used:

During a segment of a CLE, I shared my thoughts on two things:

last-minute changes to wire instructions; and,

a prospective out-of-state client who claims to be owed a debt by a Vermonter, and who only communicates with you by e-mail

What general topic was I discussing during that segment of the CLE?

It struck me that many were unfamiliar with the answer: trust account scams.

A lawyer has a duty to safeguard client property & funds. To me, the duty includes employing reasonable safeguards against trust account scams. Is falling for a scam an ethics violation? Not necessarily, but it might be.

I’ll share two scenarios.

Scenario 1

Imagine this: you have a personal checking account at a local bank. The bank notifies you that your money is gone. You are shocked. You learn that someone contacted the bank and directed the funds in your account to be wired to a different account. Your initial reaction might be “and you didn’t check with me to confirm!?!?”

That’s the “last-minute changes to wiring instructions” scenario. Now, flip the scenario: the missing money is a client’s that you were holding.

Granted, the scammers are sophisticated. Often, the change in wiring instructions will appear to have come from the client or opposing counsel.

I can’t stress enough that you can’t be too safe. The 30 seconds you take to call to confirm might be well worth it. When you do, initiate the call to a number that youalready have on file. Don’t call a new number that appears in the change to the wiring instructions. Don’t make the change based on a call to you.

If you think I’m being too cautious, please read this. It’s a post in the ABA Journal about an associate who was scammed into authorizing a $2.5 million disbursement from trust by a last-minute change to wiring instructions. A court order in the ensuing insurance claim is here.

And it’s not just me who is urging caution. Andy Mikell is State Manger & Title Counsel for Vermont Attorneys Title Corporation. I sent him the story of the $2.5 million scam. Here’s part of his response:

“An even newer approach involves the bad guys intercepting communications and then sending FAKE payoff letters to the Closing Attorney so that when seller’s mortgage is paid from the closing, the payoff money goes immediately to the wrong place. Poof!

So, in addition to telling folks to ‘trust no email’, I’m instructing our members to essentially “trust no payoff letter” either. It’s nasty out there but the scheme you forwarded should be preventable. Also, yes, we are telling folks to pay serious attention to their PLI policies. More offices are getting social engineering policies which are designed to insure against the wire scam.”

Andy also sent this article, one that goes into more detail on fraudulent mortgage payoff letters.

Scenario 2

The second scenario involves a scam that has been around even longer. There are many twists, but a few core ingredients:

a prospective client contacts you electronically;

the prospective client claims to be owed money by someone who is in Vermont;

the prospective client wants to hire you to collect the debt;

the prospective client never meets with you or contacts you by telephone.

It’s happened numerous times in Vermont. Usually the prospective client claims to have sold a product to a Vermonter. I’m also familiar with a version in which the prospective client claimed to be a Vermont Guard member who had been deployed out of the country, and whose ex-spouse had failed to pay the appropriate share of the proceeds of the sale of the marital home following a divorce. The prospective client asked the lawyer to enforce the terms of the divorce order.

No matter the variation, the scammers are good. They’ll send you what appear to be legit court orders, contracts & bills of sale. They will have created fake websites, both for themselves and the debtors. So, when you do some cursory research, it will look as if the debtor actually exists and is located in Vermont. Not only that, when you contact the debtor, someone will respond and acknowledge the debt.

Here’s where the rubber meets the road.

Shortly after making contact with the debtor, FedEx or UPS will deliver a check to your office. You will deposit the check into trust, then wire the “client’s” share. Weeks, if not months later, your bank will inform you that the check from the debtor was a fraudulent check. Quite likely, money that belonged to other clients – who are real – will no longer in your trust account.

Magically, the long outstanding debt resolved as soon as you got involved. If it sounds too good to be true, it probably is.

As I argued in this post, it strikes me that this scam is so well-known that falling for it violates the duty to take reasonable safeguards to protect client funds.

I’m writing again because the scams continue. In fact, this is something that HAS HAPPENED & WILL CONTINUE TO HAPPEN even here in little ol’ Vermont.

Here’s an excerpt from an e-mail that I received last week. I’ve removed identifying information.

“I had a commercial closing today in which I was representing the seller and the seller’s proceeds (a substantial amount) were to be wired by the settlement agent [another lawyer] to a 1031 intermediary. I had verified the wire instructions with the 1031 intermediary (with whom I have worked many times) and with [the settlement agent’s] office by phone in advance of closing. Twenty minutes before the scheduled closing, [the settlement agent’s] office received an e-mail which purported to be from me concerning the wire instructions. The e-mail was not from me, but it looked authentic but for an error in our office phone number and when you scrolled over the address, you could see it originated from a different e-mail address (not mine). Fortunately, [the settlement agent’s office] realized it was a fraudulent e-mail and did not reply. The hacker had clearly been following the e-mail traffic on this transaction and presumably the fraud would have involved the hacker providing revised wire instructions to its own account and our client’s proceeds would have been gone—even if [the settlement agent] had replied, this would not have occurred because I had a hard copy of the wire instructions with me to verify with her at the closing table. Fraud averted, but it is a powerful reminder that we are not immune from these sophisticated frauds. I ended up getting a check to FedEx instead of following through with the wire.”

I exchanged a few e-mails with the seller’s lawyer and we eventually spoke by telephone. While the scam sprung to life pre-closing, the lawyer told me something that makes good sense and that I thought I’d pass on. In the lawyer’s words:

“our policy [is] that there are no post-closing changes in payment method. Once that check leaves [our possession at] the closing, that is it (we put that one in place after we first heard about the use of mobile deposit and the fraudster who use the mobile deposit app and then returned with the check to the closing agent and asked to have the funds wired instead).”

Finally, please do not think that real estate lawyers are the only targets of this scam. Scammers will target any type of transaction. Whether wiring settlement funds to a personal injury client, wiring sale proceeds to a seller, or wiring money to anyone for any reason whatsoever, beware of changes to wiring instructions.

On the road this morning, I heard from Lon McClintock. Lon is a regular reader and frequent member of the #fiveforfriday Honor Roll He shared news of a scam that is currently targeting Justices of the Peace. I suspect that many of you are JPs, know JPs, or represent JPs. So, I’m passing it along.

The scam is a variation on what should be a familiar scheme. More specifically, it’s a twist on Example 1 from this post on common trust account scams. Here’s how it works:

Justice of the Peace is contacted and asked to perform a marriage.

JP agrees and informs Betrothed of the fee.

Betrothed sends a check that is an amount far in excess of the fee.

JP contacts Betrothed, says the check is for too much.

Betrothed instructs JP to deposit the check & send Betrothed a check for the difference.

Betrothed’s check turns out to be fraudulent, but by the time JP learns of the fraud, money is gone from the account that JP used to refund the excess.

Last week, Lawyer was set to represent Buyer in a purchase of property. Buyer intended to fund the purchase with Buyer’s own money. Lawyer provided Buyer with instructions on how to wire the funds ($110,000) to Lawyer’s trust account.

Two days before closing, Buyer received a text message with revised wiring instructions. Buyer did not call, e-mail, or otherwise confirm the change with Lawyer. Buyer instructed bank to wire the funds to the account reflected in the text message.

It was a scam.

As pointed out in last week’s blog, lawyers should confirm with clients upon receiving a last-minute change to wiring instructions. Lawyers should instruct clients to do the same and, in addition, inform clients that it is highly unlikely that a lawyer’s wiring information will change in the day or too before a closing.

Of course, the latest scam raises a question as to how the scammer knew to text Buyer. Did Lawyer fail to take reasonable precautions to safeguard client information? For now, it’s too early to tell.

The final Friday of any month tends to be a busy day for Vermont’s real estate bar. I suspect that there are lots of closings and refi’s scheduled for today & tomorrow. So, I thought I’d re-post this blog that originally ran on March 8. If it helps, pretend I’m using my Elmer Fudd voice when I say:

Andy Mikell is State Manager & Title Counsel at Vermont Attorneys Title Corporation. He’s also a former member of the VBA’s Board of Managers and, perhaps the most important feather of the many in his cap, a friend of this blog. With respect to Jennifer’s point on 2-factor authentication, Andy notes:

“We are telling folks that the ONLY appropriate 2nd factor authentication method is for the ‘Wiring Firm’: (a) to initiate the verification call; (b) to a phone number that they independently obtained/verified. In other words it is NOT acceptable: (a) to receive a confirmatory phone call or (b) to call a phone number in the email which contains the requested wire change.”

Andy’s point is crucial. Initiating the call is key because scammers can trick your caller ID into showing a number that you think to be the client’s. Further, a last-minute change in wire instructions that’s accompanied by “oh, and i have a new phone number too, please call it to confirm” should set off alarms even if you don’t have any alarms.

Andy Mikell is State Manager & Title Counsel at Vermont Attorneys Title Corporation. He’s also a former member of the VBA’s Board of Managers and, perhaps the most important feather of the many in his cap, a friend of this blog. With respect to Jennifer’s point on 2-factor authentication, Andy notes:

“We are telling folks that the ONLY appropriate 2nd factor authentication method is for the ‘Wiring Firm’: (a) to initiate the verification call; (b) to a phone number that they independently obtained/verified. In other words it is NOT acceptable: (a) to receive a confirmatory phone call or (b) to call a phone number in the email which contains the requested wire change.”

Andy’s point is crucial. Initiating the call is key because scammers can trick your caller ID into showing a number that you think to be the client’s. Further, a last-minute change in wire instructions that’s accompanied by “oh, and i have a new phone number too, please call it to confirm” should set off alarms even if you don’t have any alarms.

So, earlier today, I warned of a phishing scam that I believed to be targeting lawyers.

Here’s how the afternoon went.

An attorney contacted the Professional Responsibility Program. The attorney informed my assistant of receiving an email from the “ethics board” that informed the attorney that a complaint had been filed. The attorney indicated that the e-mail invited the attorney to click on a link to review the complaint and another to file a response.

My assistant asked the attorney to forward the e-mail. Then, my assistant informed me that there might be a phishing scam targeting lawyers and that she’d forward the e-mail as soon as she received it from the attorney who contacted her. Minutes later, she received the e-mail and forwarded it to me.

It was obvious that the e-mail was not from Bar Counsel, Disciplinary Counsel, or anyone associated with the Professional Responsibility Program. So, I immediately posted to my blog, warning about the scam. I also posted the warning on Twitter and Instagram.

Next, I sent out a warning via e-mail to a very large distribution list. In it, I warned about the scam. Finally, I notifed lawyers in the Secretary of State’s Office of Professional Regulation, for their own benefit and in case the scammers were also targeting other licensed professionals. As I was typing the e-mail, Disciplinary Counsel Sarah Katz left me a voice mail. In her message, she said that an attorney had contacted her to ask about an e-mail that purported to notify the attorney that a complaint had been filed with the “ethics board.” Sarah and the attorney were concerned that the e-mail was fake and a phishing scam. The attorney who contacted Sarah was not the same attorney who contacted my assistant.

In short, within minutes of each other, two different attorneys contacted the Professional Responsibility Program to register concern about what appeared to be a phishing scam targeting lawyers.

Turns out, the two lawyers work at the same place. I’ve since heard from another lawyer who works there, as well as someone from their IT. Here’s what the IT person wrote: “Mike, please call me on my cell (xxx-xxxx) or at work at (xxx-xxxx) so that we can talk about the email scam which was a phishing test originated by me.”

That’s right. False alarm.

Interesting.

Especially since today’s “phishing test” was almost identical to an actual scam that targeted lawyers last summer, prompted warnings from the state bars of Nevada, California, and Florida, and resulted in this blog post from me.

I apologize for any inconvenience that I caused.

To be clear, I did not have prior notice. The office where it happened isn’t exactly small. I wonder if schools let the fire department know before they conduct fire drills.

In any event, it’s a learning opportunity. As I mentioned last year and again today, the scam is not uncommon. The Professional Responsibility Program will never ask a lawyer to click on a link to open or respond to a disciplinary complaint.

Re-posted on May 24, 2017 to reinforce the message and because I inadvertently posted a draft version last night.

I am scheduled to present several CLE programs on various topics between now and the end of June. At each, no matter my assigned topic, I will use some of the time to warn about trust account scams.

At the seminars, I will be very clear: in my opinion, we’re not far from the day when “but I was scammed!” will not excuse a violation of the rules. It might mitigate the ultimate sanction, but it will not excuse the failure to safeguard client funds.

By way of analogy, I’ve used this blog to stress the duty to safeguard client information.

With respect to client information:

Rule 1.1’s duty of competence includes a duty to act competently to protect client communications.

Rules 1.1 and 1.6 operate to impose a duty to take reasonable precautions to ensure that client information is not disclosed to or accessed by people who shouldn’t receive or access it.

The duty necessarily includes taking reasonable precautions to safeguard client information that is transmitted and stored electronically.

I feel the same about client funds.

Rule 1.1 requires lawyers to provide competent representation.

Rule 1.15 is entitled “safekeeping property.”

I construe the two rules as operating to impose a duty to act competently to safeguard client funds.

The duty necessarily includes a duty to take reasonable precautions to ensure that client funds are not disbursed to or accessed by people who shouldn’t receive or access them.

In order to take reasonable precautions to safeguard client funds, it’s crucial to understand the various threats to client funds. Here are 3 common trust account scams and their telltale signs.

Client Outside Vermont is Owed a Debt by a Vermonter

Compromised E-Mail/Wire Instructions

Recipient of Trust Account Check Asks for Wire Instead

Client Outside Vermont is Owed a Debt by a Vermonter. Client, who is outside of Vermont, contacts Lawyer by e-mail and asks Lawyer for help collecting a debt from someone in Vermont. This version of the scam can take various forms, including:

Client recently divorced and moved away (or was deployed). The marital property was in Vermont. Ex-spouse sold the property and has refused to send Client’s share of the proceeds.

Typically, within a very short time of Lawyer agreeing to represent Client, UPS or FedEx delivers a check from “debtor” to Lawyer. Client is thrilled at how quickly Lawyer convinced debtor to pay! Client directs Lawyer to deposit the check, keep a chunk, and wire the remainder to Client. Lawyer deposits the check into trust & disburses Client’s share.

A few weeks later, Lawyer’s bank informs Lawyer that the check from “debtor” was fraudulent. Money that belonged to other clients is no longer in trust, having vanished with the wire to Client. Trust me, we ain’t in Kansas anymore. The odds of contacting “Client” and having him or her return the money are not good.

This has happened MULTIPLE times in Vermont over the past year. Last year, disciplinary counsel recommended that a hearing panel of the Professional Responsibility Board admonish a lawyer who had fallen for this precise scam and improperly disbursed over $400,000 from trust. The panel rejected the request, concluding that falling for the scam did not rise to the level of an ethics violation.

It’s inconceivable to me that this version of the scam isn’t a violation. It’s not the equivalent of a football team scoring a touchdown by surprising the defense with a trick play. It’s Tom Brady throwing a pass to Rob Gronkowski running uncovered down the middle of the field – – with the defenders claiming in the post-game press conference that they didn’t know the Patriots might do that.

To be clear, if Gronkowski is double-teamed but makes an incredible catch of an even more incredible pass, that’s one thing. On the other hand, the failure to cover Gronkowski as he runs down the middle of the field amounts to a failure to take reasonable precautions against a touchdown pass byTom Brady.

Compromised E-Mail/Wire Instructions. This version scam typically targets real estate closings. Attorney holds, or soon will hold, Seller’s proceeds. Attorney receives an e-mail instructing Attorney to wire the proceeds to an account that is different from any account Seller may have previously provided to Attorney.

In one version of this scam, the e-mail account is fake. For example, let’s pretend I am the Seller.

My e-mail address is michael.kennedy@vermont.gov. Attorney holds the proceeds of the sale of my house. Attorney receives an e-mail from micheal.kennedy@vermont.gov instructing Attorney to wire the proceeds to an account that is not the same account that I previously provided to Attorney.

Do you see the scam? If not, here’s a hint. My name is Michael. Look closely at how I spelled my first name in the 2nd email address.

This happened in northern Vermont last year. Seller’s attorney wired the funds after receiving an e-mail that appeared to be from Seller, but was from Seler. In a stroke of incredible good fortune, Seller happened to walk into Attorney’s office within minutes of Attorney wiring the funds. They quickly figured out what had happened, contacted Attorney’s bank, and stopped the wire.

In another version of this scam, the e-mail is actually from Seller or Seller’s attorney, but the account has been hacked/compromised. The e-mail includes new wiring instructions and is often followed-up by a phone call from a number that’s been hacked to appear as if it’s from Seller or Seller’s attorney. Like the others, this version of the scam recently caught a Vermont lawyer.

When wiring instructions are changed by e-mail or phone call, take the time to confirm the change by speaking with someone who you know (a) is who they say they are; and, (b) has the authority to make the change.

The North Carolina State Bar issued a warning about this version of the scam. Please read the warning. In my view, the duties that it highlights are as applicable in Vermont as they are in North Carolina.

Recipient of Trust Account Check Asks for Wire Instead. This has been going on for years. Attorney delivers a trust account check. The recipient asks Attorney for a wire instead.

Alarm bells should go off whenever you deliver a check and the recipient asks that you disburse by wire instead.

Even if this happens at the closing table, and the request for a wire comes 3 seconds after you handed a trust account check to Seller, beware! Without you noticing, Seller might have used a mobile device to scan and “deposit” the check. When you take it back and send a wire instead, the money could be gone TWICE from your trust account. Money that belongs to other clients.

This too happened many years ago in Vermont. Client arrived at Lawyer’s office to pick up a check. Lawyer handed the check to Client. Client left the office, but came back in about a minute later. Client gave the check back to Lawyer and asked for a wire. Lawyer took back the check, ripped it up, and wired the funds.

In the parking lot, Client had used an app to “cash” the check.

Key takeaway: your antennae should be tuned into any situation in which you deliver funds by trust account check & the payee later asks for them by wire instead.

Again, I do not think we’re far from the day when a lawyer who falls for a scam will be disciplined. My thinking mirrors the conclusion reached by the North Carolina State Bar in Inquiries #4 & #5 of 2015 Formal Opinion 6. As the NC Bar stated:

a lawyer has a duty to implement reasonable security measures to protect client funds;

a lawyer has a duty to stay abreast of the risks associated with online banking and to actively maintain end-user security at the law firm, including by non-legal staff; and,

the failure to verify a disbursement change constitutes a failure to use to reasonable precautions to protect client funds.

I understand that scams are sophisticated and ever-evolving. But most scams share telltale signs. At some point, we’re going to have accept the old adage: fool us once, shame on you. Fool us twice, shame on us.